5 provider-signature - The signature library E<lt>-E<gt> provider functions
9 =for openssl multiple includes
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
15 * None of these are actual functions, but are displayed like this for
16 * the function signatures for functions that are offered as function
17 * pointers in OSSL_DISPATCH arrays.
20 /* Context management */
21 void *OSSL_FUNC_signature_newctx(void *provctx, const char *propq);
22 void OSSL_FUNC_signature_freectx(void *ctx);
23 void *OSSL_FUNC_signature_dupctx(void *ctx);
26 int OSSL_FUNC_signature_sign_init(void *ctx, void *provkey,
27 const OSSL_PARAM params[]);
28 int OSSL_FUNC_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
29 size_t sigsize, const unsigned char *tbs, size_t tbslen);
32 int OSSL_FUNC_signature_verify_init(void *ctx, void *provkey,
33 const OSSL_PARAM params[]);
34 int OSSL_FUNC_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
35 const unsigned char *tbs, size_t tbslen);
38 int OSSL_FUNC_signature_verify_recover_init(void *ctx, void *provkey,
39 const OSSL_PARAM params[]);
40 int OSSL_FUNC_signature_verify_recover(void *ctx, unsigned char *rout,
41 size_t *routlen, size_t routsize,
42 const unsigned char *sig, size_t siglen);
45 int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname,
47 const OSSL_PARAM params[]);
48 int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data,
50 int OSSL_FUNC_signature_digest_sign_final(void *ctx, unsigned char *sig,
51 size_t *siglen, size_t sigsize);
52 int OSSL_FUNC_signature_digest_sign(void *ctx,
53 unsigned char *sig, size_t *siglen,
54 size_t sigsize, const unsigned char *tbs,
58 int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname,
60 const OSSL_PARAM params[]);
61 int OSSL_FUNC_signature_digest_verify_update(void *ctx,
62 const unsigned char *data,
64 int OSSL_FUNC_signature_digest_verify_final(void *ctx, const unsigned char *sig,
66 int OSSL_FUNC_signature_digest_verify(void *ctx, const unsigned char *sig,
67 size_t siglen, const unsigned char *tbs,
70 /* Signature parameters */
71 int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
72 const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *ctx,
74 int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
75 const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *ctx,
78 int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]);
79 const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx);
80 int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]);
81 const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx);
85 This documentation is primarily aimed at provider authors. See L<provider(7)>
86 for further information.
88 The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
89 signature algorithms and make them available to applications via the API
90 functions L<EVP_PKEY_sign(3)>,
91 L<EVP_PKEY_verify(3)>,
92 and L<EVP_PKEY_verify_recover(3)> (as well
93 as other related functions).
95 All "functions" mentioned here are passed as function pointers between
96 F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
97 L<OSSL_ALGORITHM(3)> arrays that are returned by the provider's
98 provider_query_operation() function
99 (see L<provider-base(7)/Provider Functions>).
101 All these "functions" have a corresponding function type definition
102 named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
103 function pointer from an L<OSSL_DISPATCH(3)> element named
105 For example, the "function" OSSL_FUNC_signature_newctx() has these:
107 typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx, const char *propq);
108 static ossl_inline OSSL_FUNC_signature_newctx_fn
109 OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf);
111 L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as
112 macros in L<openssl-core_dispatch.h(7)>, as follows:
114 OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX
115 OSSL_FUNC_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX
116 OSSL_FUNC_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX
118 OSSL_FUNC_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT
119 OSSL_FUNC_signature_sign OSSL_FUNC_SIGNATURE_SIGN
121 OSSL_FUNC_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT
122 OSSL_FUNC_signature_verify OSSL_FUNC_SIGNATURE_VERIFY
124 OSSL_FUNC_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
125 OSSL_FUNC_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
127 OSSL_FUNC_signature_digest_sign_init OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
128 OSSL_FUNC_signature_digest_sign_update OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
129 OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
130 OSSL_FUNC_signature_digest_sign OSSL_FUNC_SIGNATURE_DIGEST_SIGN
132 OSSL_FUNC_signature_digest_verify_init OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
133 OSSL_FUNC_signature_digest_verify_update OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
134 OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
135 OSSL_FUNC_signature_digest_verify OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
137 OSSL_FUNC_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
138 OSSL_FUNC_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
139 OSSL_FUNC_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
140 OSSL_FUNC_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
142 OSSL_FUNC_signature_get_ctx_md_params OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
143 OSSL_FUNC_signature_gettable_ctx_md_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
144 OSSL_FUNC_signature_set_ctx_md_params OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
145 OSSL_FUNC_signature_settable_ctx_md_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
147 A signature algorithm implementation may not implement all of these functions.
148 In order to be a consistent set of functions we must have at least a set of
149 context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a
150 set of "signature" functions, i.e. at least one of:
154 =item OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign
156 =item OSSL_FUNC_signature_verify_init and OSSL_FUNC_signature_verify
158 =item OSSL_FUNC_signature_verify_recover_init and OSSL_FUNC_signature_verify_recover
160 =item OSSL_FUNC_signature_digest_sign_init, OSSL_FUNC_signature_digest_sign_update and OSSL_FUNC_signature_digest_sign_final
162 =item OSSL_FUNC_signature_digest_verify_init, OSSL_FUNC_signature_digest_verify_update and OSSL_FUNC_signature_digest_verify_final
164 =item OSSL_FUNC_signature_digest_sign_init and OSSL_FUNC_signature_digest_sign
166 =item OSSL_FUNC_signature_digest_verify_init and OSSL_FUNC_signature_digest_verify
170 OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
171 but if one of them is present then the other one must also be present. The same
172 applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
173 well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
175 A signature algorithm must also implement some mechanism for generating,
176 loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
177 See L<provider-keymgmt(7)> for further details.
179 =head2 Context Management Functions
181 OSSL_FUNC_signature_newctx() should create and return a pointer to a provider side
182 structure for holding context information during a signature operation.
183 A pointer to this context will be passed back in a number of the other signature
184 operation function calls.
185 The parameter I<provctx> is the provider context generated during provider
186 initialisation (see L<provider(7)>). The I<propq> parameter is a property query
187 string that may be (optionally) used by the provider during any "fetches" that
188 it may perform (if it performs any).
190 OSSL_FUNC_signature_freectx() is passed a pointer to the provider side signature
191 context in the I<ctx> parameter.
192 This function should free any resources associated with that context.
194 OSSL_FUNC_signature_dupctx() should duplicate the provider side signature context in
195 the I<ctx> parameter and return the duplicate copy.
197 =head2 Signing Functions
199 OSSL_FUNC_signature_sign_init() initialises a context for signing given a provider side
200 signature context in the I<ctx> parameter, and a pointer to a provider key object
201 in the I<provkey> parameter.
202 The I<params>, if not NULL, should be set on the context in a manner similar to
203 using OSSL_FUNC_signature_set_ctx_params().
204 The key object should have been previously generated, loaded or imported into
205 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
206 provider-keymgmt(7)>.
208 OSSL_FUNC_signature_sign() performs the actual signing itself.
209 A previously initialised signature context is passed in the I<ctx>
211 The data to be signed is pointed to be the I<tbs> parameter which is I<tbslen>
213 Unless I<sig> is NULL, the signature should be written to the location pointed
214 to by the I<sig> parameter and it should not exceed I<sigsize> bytes in length.
215 The length of the signature should be written to I<*siglen>.
216 If I<sig> is NULL then the maximum length of the signature should be written to
219 =head2 Verify Functions
221 OSSL_FUNC_signature_verify_init() initialises a context for verifying a signature given
222 a provider side signature context in the I<ctx> parameter, and a pointer to a
223 provider key object in the I<provkey> parameter.
224 The I<params>, if not NULL, should be set on the context in a manner similar to
225 using OSSL_FUNC_signature_set_ctx_params().
226 The key object should have been previously generated, loaded or imported into
227 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
228 provider-keymgmt(7)>.
230 OSSL_FUNC_signature_verify() performs the actual verification itself.
231 A previously initialised signature context is passed in the I<ctx> parameter.
232 The data that the signature covers is pointed to be the I<tbs> parameter which
233 is I<tbslen> bytes long.
234 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
237 =head2 Verify Recover Functions
239 OSSL_FUNC_signature_verify_recover_init() initialises a context for recovering the
240 signed data given a provider side signature context in the I<ctx> parameter, and
241 a pointer to a provider key object in the I<provkey> parameter.
242 The I<params>, if not NULL, should be set on the context in a manner similar to
243 using OSSL_FUNC_signature_set_ctx_params().
244 The key object should have been previously generated, loaded or imported into
245 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
246 provider-keymgmt(7)>.
248 OSSL_FUNC_signature_verify_recover() performs the actual verify recover itself.
249 A previously initialised signature context is passed in the I<ctx> parameter.
250 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
252 Unless I<rout> is NULL, the recovered data should be written to the location
253 pointed to by I<rout> which should not exceed I<routsize> bytes in length.
254 The length of the recovered data should be written to I<*routlen>.
255 If I<rout> is NULL then the maximum size of the output buffer is written to
256 the I<routlen> parameter.
258 =head2 Digest Sign Functions
260 OSSL_FUNC_signature_digeset_sign_init() initialises a context for signing given a
261 provider side signature context in the I<ctx> parameter, and a pointer to a
262 provider key object in the I<provkey> parameter.
263 The I<params>, if not NULL, should be set on the context in a manner similar to
264 using OSSL_FUNC_signature_set_ctx_params() and
265 OSSL_FUNC_signature_set_ctx_md_params().
266 The key object should have been
267 previously generated, loaded or imported into the provider using the
268 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
269 The name of the digest to be used will be in the I<mdname> parameter.
271 OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data>
272 parameter which should be of length I<datalen>. A previously initialised
273 signature context is passed in the I<ctx> parameter. This function may be called
274 multiple times to cumulatively add data to be signed.
276 OSSL_FUNC_signature_digest_sign_final() finalises a signature operation previously
277 started through OSSL_FUNC_signature_digest_sign_init() and
278 OSSL_FUNC_signature_digest_sign_update() calls. Once finalised no more data will be
279 added through OSSL_FUNC_signature_digest_sign_update(). A previously initialised
280 signature context is passed in the I<ctx> parameter. Unless I<sig> is NULL, the
281 signature should be written to the location pointed to by the I<sig> parameter
282 and it should not exceed I<sigsize> bytes in length. The length of the signature
283 should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
284 the signature should be written to I<*siglen>.
286 OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
287 previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
288 initialised signature context is passed in the I<ctx> parameter. The data to be
289 signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
290 the signature should be written to the location pointed to by the I<sig>
291 parameter and it should not exceed I<sigsize> bytes in length. The length of the
292 signature should be written to I<*siglen>. If I<sig> is NULL then the maximum
293 length of the signature should be written to I<*siglen>.
295 =head2 Digest Verify Functions
297 OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
298 provider side verification context in the I<ctx> parameter, and a pointer to a
299 provider key object in the I<provkey> parameter.
300 The I<params>, if not NULL, should be set on the context in a manner similar to
301 OSSL_FUNC_signature_set_ctx_params() and
302 OSSL_FUNC_signature_set_ctx_md_params().
303 The key object should have been
304 previously generated, loaded or imported into the provider using the
305 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
306 The name of the digest to be used will be in the I<mdname> parameter.
308 OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data>
309 parameter which should be of length I<datalen>. A previously initialised
310 verification context is passed in the I<ctx> parameter. This function may be
311 called multiple times to cumulatively add data to be verified.
313 OSSL_FUNC_signature_digest_verify_final() finalises a verification operation previously
314 started through OSSL_FUNC_signature_digest_verify_init() and
315 OSSL_FUNC_signature_digest_verify_update() calls. Once finalised no more data will be
316 added through OSSL_FUNC_signature_digest_verify_update(). A previously initialised
317 verification context is passed in the I<ctx> parameter. The signature to be
318 verified is in I<sig> which is I<siglen> bytes long.
320 OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
321 previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
322 initialised verification context is passed in the I<ctx> parameter. The data to be
323 verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
324 verified is in I<sig> which is I<siglen> bytes long.
326 =head2 Signature parameters
328 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
329 the OSSL_FUNC_signature_get_ctx_params() and OSSL_FUNC_signature_set_ctx_params() functions.
331 OSSL_FUNC_signature_get_ctx_params() gets signature parameters associated with the
332 given provider side signature context I<ctx> and stored them in I<params>.
333 Passing NULL for I<params> should return true.
335 OSSL_FUNC_signature_set_ctx_params() sets the signature parameters associated with the
336 given provider side signature context I<ctx> to I<params>.
337 Any parameter settings are additional to any that were previously set.
338 Passing NULL for I<params> should return true.
340 Common parameters currently recognised by built-in signature algorithms are as
345 =item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
347 Get or sets the name of the digest algorithm used for the input to the
348 signature functions. It is required in order to calculate the "algorithm-id".
350 =item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
352 Sets the name of the property query associated with the "digest" algorithm.
353 NULL is used if this optional value is not set.
355 =item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
357 Gets or sets the output size of the digest algorithm used for the input to the
359 The length of the "digest-size" parameter should not exceed that of a B<size_t>.
361 =item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
363 Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
364 signature algorithm and digest algorithm for the signature operation.
366 =item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
368 Set this to 1 to use deterministic digital signature generation with
369 ECDSA or DSA, as defined in RFC 6979 (see Section 3.2 "Generation of
370 k"). In this case, the "digest" parameter must be explicitly set
371 (otherwise, deterministic nonce generation will fail). Before using
372 deterministic digital signature generation, please read RFC 6979
373 Section 4 "Security Considerations". The default value for
374 "nonce-type" is 0 and results in a random value being used for the
375 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
378 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
380 Sets a flag to modify the sign operation to return an error if the initial
381 calculated signature is invalid.
382 In the normal mode of operation - new random values are chosen until the
383 signature operation succeeds.
384 By default it retries until a signature is calculated.
385 Setting the value to 0 causes the sign operation to retry,
386 otherwise the sign operation is only tried once and returns whether or not it
388 Known answer tests can be performed if the random generator is overridden to
389 supply known values that either pass or fail.
393 OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() get a
394 constant L<OSSL_PARAM(3)> array that describes the gettable and settable parameters,
395 i.e. parameters that can be used with OSSL_FUNC_signature_get_ctx_params() and
396 OSSL_FUNC_signature_set_ctx_params() respectively.
400 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
401 the OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
404 OSSL_FUNC_signature_get_md_ctx_params() gets digest parameters associated with the
405 given provider side digest signature context I<ctx> and stores them in I<params>.
406 Passing NULL for I<params> should return true.
408 OSSL_FUNC_signature_set_ms_ctx_params() sets the digest parameters associated with the
409 given provider side digest signature context I<ctx> to I<params>.
410 Any parameter settings are additional to any that were previously set.
411 Passing NULL for I<params> should return true.
413 Parameters currently recognised by built-in signature algorithms are the same
414 as those for built-in digest algorithms. See
415 L<provider-digest(7)/Digest Parameters> for further information.
417 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params()
418 get a constant L<OSSL_PARAM(3)> array that describes the gettable and settable
419 digest parameters, i.e. parameters that can be used with
420 OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
425 OSSL_FUNC_signature_newctx() and OSSL_FUNC_signature_dupctx() should return the newly created
426 provider side signature context, or NULL on failure.
428 OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_params(),
429 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
430 return the gettable or settable parameters in a constant L<OSSL_PARAM(3)> array.
432 All other functions should return 1 for success or 0 on error.
440 The provider SIGNATURE interface was introduced in OpenSSL 3.0.
444 Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
446 Licensed under the Apache License 2.0 (the "License"). You may not use
447 this file except in compliance with the License. You can obtain a copy
448 in the file LICENSE in the source distribution or at
449 L<https://www.openssl.org/source/license.html>.